Cryptojacking arises

Cryptojacking
Posted by: Orhan Sari Category: Cyber-security Awareness, News Tags: Post Date: April 3, 2018

Cryptojacking arises

One of the latest cybersecurity threat,  cryptojacking, is the secret use of your computing device to mine cryptocurrency.[1] It is becoming more prevalent that cryptojacking attacks exploded by 8,500% in 2017, due to the sudden increase in cryptocurrency values. According to Symantec, UK ranked as the fifth highest country worldwide, with a staggering 44,000% increase in coin-miner detections.[2]

How does Cryptojacking work?

It is a process that hackers and websites host sections of code that have the ability to hijack your computer power to mine cryptocurrency for the perpetrators gain.  Crypto-jacking, also referred as coin mining, in which is cyber criminals to extract money from targets’ cryptocurrency. Different from ransomware, Cryptojacking takes a different approach, “harnessing victims’ machines to “mine”: perform the computations necessary to update cryptocurrencies’ blockchains, creating new tokens and generating fees in the process. These new tokens and fees are deposited to wallets owned by the attacker, while the costs of mining – electricity and wear and tear to computers – are borne by the victim.”[3]

In some attack versions, cryptojacking doesn’t need a program to be installed. Cybercriminals use browsers to mine the crypto coins. In-browser cryptojacking, they use JavaScript on a web page to mine for cryptocurrencies. “JavaScript runs on just about every website you visit, so the JavaScript code responsible for in-browser mining doesn’t need to be installed. You load the page, and the in-browser mining code just runs. No need to install, and no need to opt-in.”[1]

Unlike other attacks, cryptojacking doesn’t aim to destroy or steal information from the victim’s computer, instead, it simply use the hardware to perform mining operations, which in turn, put additional strain on the victim’s computer. As a result, this situation will cause victim’s computer to slow down, overheat the processor, freezes, or sudden shutdowns.[4]

 

Detections of coinminers on endpoint computers in 2017

Figure 1. Detections of coinminers on endpoint computers in 2017 surged by 8,500 percent (Symantec, 2018)

According to Symantec, the biggest trend in 2017 was the explosion in cryptocurrency coin mining. The surge in interest in this area was such that detections of coinminers on endpoint computers in 2017 surged by 8,500 percent.

According to 2018 Internet Security Threat Report, coin mining attacks explode. Cybercriminals are now starting to explore other opportunities, after focusing on ransomware for revenue generation.In 2017 the astronomical rise in cryptocurrency values led many cybercriminals to shift to crytojacking as an alternative revenue source. This resulted in an 8,500 percent increase in detections of coin-miners on endpoint computers in 2017.[5]

8,500 % Increase in coinminer detections.

8,500 % Increase in coinminer detections. (Symantec, 2018)

With a low barrier of entry—only requiring a couple lines of code to operate—cybercriminals are using coinminers to steal computer processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency. While the immediate impact of coin mining is typically performance related—slowing down devices, overheating batteries, and in some cases, rendering devices unusable—there are broader implications, particularly for organizations. Corporate networks are at risk of shutdown from coinminers aggressively propagated across their environment. There may also be financial implications for organizations who find themselves billed for cloud CPU usage by coinminers. [5]

Cryptojacking is a perfect way of hacking of cryptocurrencies such as Bitcoin, Litecoin, and Ripple (among many, many others). However, to do so, mining for cryptocurrency requires massive computing power. “This, in turn, has led enterprising miners to seek new and sometimes unethical methods of gaining access to computing resources by hijacking them via web browsers, giving rise to a new form of malware called cryptojacking.”[6]

Examples of Cryptojacking Attacks

A Spanish cybersecurity firm, Panda, discovered WannaMine in October 2017. Unlike other malware variants, it was particularly hard to detect and block. In February 2018, Panda stated that a cyrptojacking script known as WannaMine had spread to computers around the world and being used to mine a cryptocurrency. [3]

In February 2018, Coinhive cryptocurrency mining script injected into 1000s of government websites via a browsealoud plugin in the US, UK  and Australia.[7]

Recently, unidentified hackers broke into a Tesla-owned Amazon cloud account and used it to “mine” cryptocurrency. The breach also exposed proprietary data for the electric carmaker. The researchers in RedLock said they discovered the intrusion while trying to determine which organization left credentials for an Amazon Web Services (AWS) account open to the public Internet. Then, the owner of the account turned out to be Tesla.[8]

How to find out if your PC secretly mines cryptocurrency?

If a particular website is sweating your processor, while the most of the browser tabs are closed, and no applications are running, it is possible that you are becoming a target of cryptojacking.

How to block cryptojacking?

When your system is under a cryptojacking attack, it will begin to use its resources to perform a mining operation. As I explained,  it will put a strain on your computer system such as CPU. This is an important sign that a cryptojacking is underway. If you notice that your CPU goes into overdrive when visiting a specific site, it may be due to cryptojacking. You can check your CPU’s usage via your operating system.  Use a good adblocker or script blocker that will able to pick up on the script and stop it from loading in the browser. There are even dedicated plugins built around stopping browser mining, such as AntiMiner.[4]

References

[1]https://hackerbits.com/programming/what-is-cryptojacking/

[2]https://hackernoon.com/crypto-jacking-whats-really-going-on-inside-your-computer-eca62d2bafcf

[3]https://www.investopedia.com/terms/c/cryptojacking.asp#ixzz5B2PgNp00

[4]https://www.maketecheasier.com/protect-yourself-from-cryptojacking/

[5]https://www.symantec.com/content/dam/symantec/docs/reports/istr-23-executive-summary-en.pdf

[6]https://www.helpnetsecurity.com/2018/02/27/cryptojacking-malware/

[7]https://blogs.forcepoint.com/security-labs/coinhive-cryptocurrency-mining-script-injected-1000s-government-websites-browsealoud

[8]http://fortune.com/2018/02/20/tesla-hack-amazon-cloud-cryptocurrency-mining/

 

 

 

 

 

 

 

 

 

 

 

 

Share this post